Study finds widespread privacy failings in online social networks

Jul 21, 2009

(PhysOrg.com) -- Furious competition between social networking sites is compromising the protection of users' data, a Cambridge University study has concluded.

The survey covered 45 global social networks, ranging from popular sites such as MySpace and Facebook through to lesser-known foreign networks. Its authors report "serious concerns" about the extent to which these sites fail to keep users' personal information private.

It is the first detailed analysis to examine the security provisions of a large number of social networks. The report, by researchers in the University's Computer Laboratory, is being made freely available online.

While the problems it identifies - such as misleading privacy policies and inaccessible privacy guidelines - have long been suspected, the report provides new numerical data to confirm their scope.

Some 90% of sites, for example, needlessly required a full name or date of birth for permission to join. 80% failed to use standard encryption protocols to protect sensitive user data from . And 71% reserved the right to share user data with third parties in their privacy policies.

The study also argues that privacy is being compromised by rigorous competition for users. Researchers argue that open discussion of privacy on puts off the average user, which discourages the owners from producing explicit or accessible privacy guidelines.

"Sites want users to be relaxed and having fun, but when privacy is mentioned users feel less comfortable sharing data," Co-researcher Joseph Bonneau said. "Even sites with good privacy feel that they can't promote it, so users have no idea of what they're getting."

The researchers only covered sites which are available in English, signing up to each using a Yahoo! Email account and the pseudonym "Upton Sinclair".

In each case, Bonneau and his fellow researcher, Sören Preibusch, recorded the amount of personal information that they had to hand over in order to sign up to the site and how much they were told about its privacy policy and settings in the process. They also analysed how much they could see about the site's existing members before they joined.

Once they were signed up, the researchers tested each site's privacy controls against 260 criteria, examining features such as log-in arrangements and the site's privacy policy and configuration controls.

They found what the report calls "pervasive problems", including poor web security practices, confusing user-interfaces and misleading privacy policies.

All but three of the general purpose sites they examined left new profiles completely visible to at least all the other members of the site by default. As previous studies have suggested that between 80% and 99% of users never alter their privacy settings, this means that in most cases their profiles will remain visible.

The researchers also produced privacy scores for each of the networks assessed. Bebo and LinkedIn were ranked the highest for their privacy settings, while the British site Badoo earned the wooden spoon. Facebook and , frequently the targets of privacy critics, finished slightly above average. In general, the researchers found that the larger, more popular and older sites maintained better privacy practices and adopted higher privacy standards.

"The popular sites are just the tip of the iceberg," Preibusch said. "Niche sites implement significantly less favourable privacy practices and offer fewer controls to their users to configure the sharing of personal information."

Overall, the report also found that sites which promoted their privacy controls as a selling point tended to be those with fewer users joining the site. It suggests that this may be because the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive service.

Since the sites depend on acquiring as many users as possible, the researchers argue that most social networks opt to set up long and complicated privacy measures which, in most cases, it is difficult to access or even find. At the same time, they show off how many users they have and how easy it is to make friends, or share photos, videos and music - all features which it would be harder to sell with stricter privacy controls.

The privacy policies remain in place, the researchers suggest, to placate a vocal minority of "privacy fundamentalists", who might otherwise expose the lack of policy to the wider majority, prompting a discussion which, through its very existence alone, might dissuade prospective new members from joining.

The report calls for an "opt-out" approach to privacy, in which users' details are kept private until otherwise stated. It also calls for stronger across-the-board regulation, and suggests that sites could offer "premium" membership schemes which allow users to handle their privacy settings in greater detail if they so wish, a scheme known as "privacy negotiations".

The full report along with the original dataset can be downloaded at: preibusch.de/publ/privacy_jungle

Provided by University of Cambridge (news : web)

Explore further: Protecting infrastructure with smarter CPS

add to favorites email to friend print save as pdf

Related Stories

Facebook plans to simplify privacy settings

Jul 01, 2009

(AP) -- Facebook is overhauling its privacy controls over the next several weeks in an attempt to simplify its users' ability to control who sees the information they share on the site.

Watchdog: Facebook violates Canadian privacy law

Jul 16, 2009

(AP) -- Canada's privacy commissioner says the online social networking site Facebook breaches Canadian law by keeping users personal information indefinitely after members close their accounts.

Report: Widespread data sharing, 'Web bugs'

Jun 02, 2009

(PhysOrg.com) -- Researchers at the University of California, Berkeley's School of Information released a report late Monday (June 1) showing that the most popular Web sites in the United States all share ...

Internet users give up privacy in exchange for trust

Nov 22, 2007

With public concern over online fraud, new research, funded by the Economic and Social Research Council, has revealed that internet users will reveal more personal information online if they believe they can trust the organisation ...

Recommended for you

Protecting infrastructure with smarter CPS

7 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

20 hours ago

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

Sep 15, 2014

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

Sep 15, 2014

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

Facebook vs. loneliness

Sep 15, 2014

Are people becoming lonelier even as they feel more connected online? Hayeon Song, an assistant professor of communication at UWM, explored this topic in recent research.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

AMMBD
not rated yet Jul 22, 2009
". . .the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive social networking service."

privacy, particularly online, has been a hot topic for YEARS. if people refuse to listen, remember & act as needed to protect their privacy - then they are fools.